From patchwork Tue May 11 18:57:40 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ilias Apalodimas X-Patchwork-Id: 434222 Delivered-To: patch@linaro.org Received: by 2002:a02:c901:0:0:0:0:0 with SMTP id t1csp4114076jao; Tue, 11 May 2021 11:57:53 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzVuWO9KA4pRY34j1eSdPsc+RHM0T85+0bO6tTcbDataPVkiJ4Cna69hz4uneF4o/6xOvCv X-Received: by 2002:a17:906:a51:: with SMTP id x17mr33325236ejf.25.1620759473218; Tue, 11 May 2021 11:57:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1620759473; cv=none; d=google.com; s=arc-20160816; b=yVR3yNniZkqwLeowIkI9L50z7bQXoIPEcFbIYc/N0+/9okw6o9dYCR/p+3o2mcNOAB 27InAAcjuVUTUnCqTWzIl23i5A7Zz33rYnxTJ1G8GpgdcvfwnVUrmyAw0j5X3bfvgQGz OuY6v7qggacUQwc6/R9jfJ09vZgMVS2BEjkLO9AFzuKk+JiKnqaVaqXOCaqMuiDFFUzs YBsDbxWq6rE61aBQWQl3yG7QCR9QOJi8S7AJ5uncDBV7FKQbQd8g3MnI05wfHBV5MN9F Xi3kcEGZ+SCRRrblELXXUO+EOTigr7ljfnuESbSK+22FdBZ/8YVGLMOfCXBOlyK4glzj rcNg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:message-id:date:subject:cc:to:from:dkim-signature; bh=hgX1fquB5CYVOTdbzmGfHK+i3gB06WrPFWF/sM3a+Ts=; b=KB8eMSbD3cZQooj9A55LARfAGU2sf5laqh6UXO62zWSQto/aDL3ehz5adAzppWnwyZ Dqwrh7M6zCJPnjd/F2VwBrv2E5uvuBVXgSIu47r5zks8wo25w/2EUWhPvYKyiMyKk4DH n9h1MUNgI+IMZsfplXrNZ6J2XObR+2XpBwQqMxAEL0Tx8181kKMPzKlMTi24pxtFy2CM UCqe994M/RlNDwwIr58FX2xVr7Yl30nBf9Q/T4hkI88IJn+SPl6yxkvvV9jOWR9BA79/ xIgdTv59+0X+0b7kN+dCzFhv10iscLfTycfqQIuXLpLI0PXE4g/E0PBHjtagCsM+jI+o Tuug== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=mdLssEVu; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from phobos.denx.de (phobos.denx.de. [85.214.62.61]) by mx.google.com with ESMTPS id nc38si20647725ejc.622.2021.05.11.11.57.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 11 May 2021 11:57:53 -0700 (PDT) Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) client-ip=85.214.62.61; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=mdLssEVu; spf=pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.62.61 as permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 70B6E82F6B; Tue, 11 May 2021 20:57:50 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=linaro.org header.i=@linaro.org header.b="mdLssEVu"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id ABD9482F6F; Tue, 11 May 2021 20:57:48 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,SPF_HELO_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-ed1-x536.google.com (mail-ed1-x536.google.com [IPv6:2a00:1450:4864:20::536]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id C95B882F4F for ; Tue, 11 May 2021 20:57:45 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=ilias.apalodimas@linaro.org Received: by mail-ed1-x536.google.com with SMTP id bf4so24123630edb.11 for ; Tue, 11 May 2021 11:57:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=hgX1fquB5CYVOTdbzmGfHK+i3gB06WrPFWF/sM3a+Ts=; b=mdLssEVudG2wAUDT0qzB2G9Q/9fl10taamRON0OkWG9m9EzUWy3IMwQafT/GOpXudu i9RgAm7c18jL+v48Gk1ZdbkyNt9SklG/JatPNd6AMLafWyudzMB5U9l2L55Y+0M8TJVo vz+4ynVSNXOWVsvhGbwuQcGIXZt53BMMS7vhgl6Sa8fmIwIQz2l6Vk9C9ASEKtFh3AHV jrJFqtJTrwrnOHQrQxU81UPHixr3rS6rEoZ5707RKJU8HrGplawVx6GwJlRo6V0cyFwd qU3/s0lUNc1TglhMbAAdp4vZPwPkvCTs9DhxXMr+44t22J4XG3xahhYr0ByqENh+4wUM t3vw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=hgX1fquB5CYVOTdbzmGfHK+i3gB06WrPFWF/sM3a+Ts=; b=FzqbnBZ24MtqIkqr6JmnL5G4qT3zQSje7zYJkFxizXS+Y64B/nLDo9kGTeOWZjp5+8 FcGLXNEI2pDz3RO/U8LKwUu5gvMzCzouXZMrHA+83MLs2CDxuk7pIWzUv19JK1xGGpY8 tarMt8CjrByzIz2W4JsGQBoxaSjRnHGtKf5uzO38ESQOTxws9lNVEwySbXDPNXYNJUO0 7tYOmhs02BAl4UcltPAwkR2IUnTaOMIyDV3Yo6mQsnFarZOLfSqTdaLGYJ+Z0bmmqJ8Z brxjuj7mEembki20IpB8ELhaDabL+lhaX2XqIk53kCA/XTDRt/a4fN8XpbJFBgYvtUQq pj1A== X-Gm-Message-State: AOAM531z0pA9WTmkLRKQLQCu5Ua2MWo6Rat8qw3wvspulgsRQ2x1c7Vo K854PKQ1NBEYMZZ19aSZwHmZqA== X-Received: by 2002:aa7:d408:: with SMTP id z8mr37855548edq.286.1620759465450; Tue, 11 May 2021 11:57:45 -0700 (PDT) Received: from apalos.home ([2a02:587:466e:1389:2e56:dcff:fe9a:8f06]) by smtp.gmail.com with ESMTPSA id q10sm15399979eds.36.2021.05.11.11.57.44 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 11 May 2021 11:57:45 -0700 (PDT) From: Ilias Apalodimas To: xypron.glpk@gmx.de Cc: Ilias Apalodimas , Alexander Graf , u-boot@lists.denx.de Subject: [PATCH] efi_loader: Don't stop EFI subsystem init if installing TCG2 fails Date: Tue, 11 May 2021 21:57:40 +0300 Message-Id: <20210511185740.295340-1-ilias.apalodimas@linaro.org> X-Mailer: git-send-email 2.31.0 MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.4 at phobos.denx.de X-Virus-Status: Clean Up to now we are stopping the EFI subsystem if a TPMv2 exists but the protocol fails to install. Now that we've switched the config to 'default y' the sandbox TPM fails, since it doesn't support all the required capabilities of the protocol. Not installing the protocol is not catastrophic. If the protocol fails to install the PCRs will never be extended to the expected values, so some other entity later in the boot flow will eventually figure it out and take the necessary actions. Signed-off-by: Ilias Apalodimas --- lib/efi_loader/efi_tcg2.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) -- 2.31.0 diff --git a/lib/efi_loader/efi_tcg2.c b/lib/efi_loader/efi_tcg2.c index 8f8a26e7b7ae..23b9c3839740 100644 --- a/lib/efi_loader/efi_tcg2.c +++ b/lib/efi_loader/efi_tcg2.c @@ -1117,14 +1117,22 @@ efi_status_t efi_tcg2_register(void) ret = efi_add_protocol(efi_root, &efi_guid_tcg2_protocol, (void *)&efi_tcg2_protocol); - if (ret != EFI_SUCCESS) { - log_err("Cannot install EFI_TCG2_PROTOCOL\n"); + if (ret != EFI_SUCCESS) goto fail; - } out: return ret; fail: + log_err("Cannot install EFI_TCG2_PROTOCOL\n"); tcg2_uninit(); - return ret; + /* + * Return EFI_SUCCESS and don't stop the EFI subsystem. + * That's done for 2 reasons + * - If the protocol is not installed the PCRs won't be extended. So + * someone later in the boot flow will notice that and take the + * necessary actions. + * - The TPM sandbox is limited and we won't be able to run any efi + * related tests with TCG2 enabled + */ + return EFI_SUCCESS; }